Re: [PATCH] spi: sh-msiof: avoid integer overflow in constants

[Geert Uytterhoeven]

Hi Wolfram,

On Tue, Jan 30, 2024 at 10:42 AM Wolfram Sang
<wsa+renesas@xxxxxxxxxxxxxxxxxxxx> wrote:
> cppcheck rightfully warned:
>
>  drivers/spi/spi-sh-msiof.c:792:28: warning: Signed integer overflow for expression '7<<29'. [integerOverflow]
>  sh_msiof_write(p, SIFCTR, SIFCTR_TFWM_1 | SIFCTR_RFWM_1);
>
> Signed-off-by: Wolfram Sang <wsa+renesas@xxxxxxxxxxxxxxxxxxxx>

> --- a/drivers/spi/spi-sh-msiof.c
> +++ b/drivers/spi/spi-sh-msiof.c
> @@ -136,14 +136,14 @@ struct sh_msiof_spi_priv {
>
>  /* SIFCTR */
>  #define SIFCTR_TFWM_MASK       GENMASK(31, 29) /* Transmit FIFO Watermark */
> -#define SIFCTR_TFWM_64         (0 << 29)       /*  Transfer Request when 64 empty stages */
> -#define SIFCTR_TFWM_32         (1 << 29)       /*  Transfer Request when 32 empty stages */
> -#define SIFCTR_TFWM_24         (2 << 29)       /*  Transfer Request when 24 empty stages */
> -#define SIFCTR_TFWM_16         (3 << 29)       /*  Transfer Request when 16 empty stages */
> -#define SIFCTR_TFWM_12         (4 << 29)       /*  Transfer Request when 12 empty stages */
> -#define SIFCTR_TFWM_8          (5 << 29)       /*  Transfer Request when 8 empty stages */
> -#define SIFCTR_TFWM_4          (6 << 29)       /*  Transfer Request when 4 empty stages */
> -#define SIFCTR_TFWM_1          (7 << 29)       /*  Transfer Request when 1 empty stage */
> +#define SIFCTR_TFWM_64         (0UL << 29)     /*  Transfer Request when 64 empty stages */
> +#define SIFCTR_TFWM_32         (1UL << 29)     /*  Transfer Request when 32 empty stages */
> +#define SIFCTR_TFWM_24         (2UL << 29)     /*  Transfer Request when 24 empty stages */
> +#define SIFCTR_TFWM_16         (3UL << 29)     /*  Transfer Request when 16 empty stages */
> +#define SIFCTR_TFWM_12         (4UL << 29)     /*  Transfer Request when 12 empty stages */
> +#define SIFCTR_TFWM_8          (5UL << 29)     /*  Transfer Request when 8 empty stages */
> +#define SIFCTR_TFWM_4          (6UL << 29)     /*  Transfer Request when 4 empty stages */
> +#define SIFCTR_TFWM_1          (7UL << 29)     /*  Transfer Request when 1 empty stage */
>  #define SIFCTR_TFUA_MASK       GENMASK(26, 20) /* Transmit FIFO Usable Area */
>  #define SIFCTR_TFUA_SHIFT      20
>  #define SIFCTR_TFUA(i)         ((i) << SIFCTR_TFUA_SHIFT)

There is a similar issue with the SIFCTR_RFWM_* definitions below,
but these don't trigger, as no data is shifted into the sign bit.

What about unifying the individual SIFCTR_?FWM_[0-9]* definitions
into SIFCTR_xFWM_[0-9]* instead, and using the bitfield helpers in its
sole user?

-        sh_msiof_write(p, SIFCTR, SIFCTR_TFWM_1 | SIFCTR_RFWM_1);
+        sh_msiof_write(p, SIFCTR,
+                       FIELD_PREP(SIFCTR_TFWM_MASK, SIFCTR_xFWM_1) |
+                       FIELD_PREP(SIFCTR_RFWM_MASK, SIFCTR_xFWM_1);

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68korg

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds